Free Malware Removal Forum

Welcome to MalwareRemoval.com,What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Double click on hijackthis.exe to extract hijackthis to folder c:\hijackthis.It will extract it to that folder and open the folder for you. It will also create a shortcut on your desktop to HijackThis. It will even self open in notepad.

After you do that

Re Run Hijackthis

At the Main window select "Open the misc tool section"Then select "Open uninstall manager"Then "save list" and save it to your desktop

Rt click and Extract all the archive content to your desktop
â€¢ Open the Smitfraud folder
o Double-click smitfraudfix.cmdo Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt
Open that file, Ctrl+A to copy, and post a copy of that log as a reply to this thread

Restart your PC, and after it starts, but before you see the Windows Splash screenBegin tapping the F8 key twice a second untill you reach another menu screen (black background with white menu choices)Use your arrow keys and select Safe Mode and then Enter

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.Select option #2 - Clean by typing 2 and press Enter.Wait for the tool to complete and disk cleanup to finish.You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if your computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Once complete reboot your PC into Normal mode, re run Hijackthis and post a fresh log

Double Click Ewido-setup(It will create its own folder)
Once the program starts You will be at the Status menu

Under "Your computers Security"Click change status on Resident shield to inactiveClick Update now (next to last update)After the update loadsUnder Automatic updates Uncheck download and install updates automatically(recommended)(you can always select maual updates the next day)

At the top toolbar Click Scanner Then the settings tab

Under How to act? Set default action for detected malwareTo QuarantineUnder how to scan All boxes should be checkedUnder Possibly unwanted software All boxes should be checkedUnder reports Select Automatically generate report after every scanUncheck Only if threats were foundUnder what to scan Scan every file should be highlited

close all other open windows except Hijackthis and select "Fix checked"If prompted to reboot your PC select No and close Hijackthis

Next Using Windows Search (Start->>Search)Locate and delete the following file

flagloud.exe

Close Search

Next Reboot your PC into Safe Mode

This can be done by restarting your PCThen after it starts, but before you see the Windows splash screen,Tap the F8 key twice a second until you arrive at another menu screenUse your arrow keys->>Select Safe Mode->>Enter

Run Ewido

Click scannerSelect Complete system scan

Once the scan finishes

Select Apply all actions (The items found will be quarantined)Click save report as (Another window will open)Save it to your desktop(By default It will be saved in the Ewido folder as)C:\Program Files\ewido anti-spyware 4.0\Reports

Exit Ewido

Reboot your PC in Normal Mode

Double click the report-scan txt. you saved to your desktopIt will open in NotepadCopy and paste that report as a reply to this thread

First Download CCleaner from here to clean temp files from your computer.

Double click on the file to start the installation of the program. Select your language and click OK, then next. Read the license agreement and click I Agree. Click next to use the default install location. Click Install then finish to complete installation

Double click the CCleaner shortcut on the desktop to start the program.

On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit). If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla. Click on the "Options" icon at the left side of the window, then click on "Advanced." deselect "Only delete files in Windows Temp folders older than 48 hours." Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program

Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.

After CCleaner has completed its process, click Exit

Next Using Windows ExplorerLocate and delete the following file

C:\Documents and Settings\Gary Rodger.MERCURY\Desktop\TUNES\Incomplete\T-535082 <<-This is what caused the infection->>

Close Windows Explorer

Next Open Ewido select the "Scanner" icon at the top of the screen, then select the "Settings" tab. Once in the Settings screen click on "Recommended actions" and then select ""Delete".". Under "Reports"Select "Automatically generate report after every scan" Un-Select "Only if threats were found"Close Ewido

Next Reboot into Safe mode

Run Ewido (We are going to change some settings)

Click scannerSelect Complete system scan

Once the scan finishes

Select Apply all actions (The items found will be quarantined)Click save report as (Another window will open)Save it to your desktop(By default It will be saved in the Ewido folder as)C:\Program Files\ewido anti-spyware 4.0\Reports

Exit Ewido

Reboot your PC in Normal Mode

Double click the report-scan txt. you saved to your desktopIt will open in NotepadSave that report for the time being

1. Click on "Kapersky Online Scanner"2. A new smaller window will pop up. Press on "Accept". After reading the contents.3. Now Kapersky will update the anti-virus database. Let it run.4. Click on "Next"->>"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.5. Then click on "My Computer". And the scan will start.6. Once finished, save a log as ".txt" to the desktop.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

Who is online

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.